A SECURITY RESEARCHER has exposed a vulnerability in some Samsung handsets that leaves them open to a remote wipe attack.Ravi Borgaonkar showed off the attack at the Ekoparty security conference, reports Slashgear. There he showed how a hacker could direct the user to a webpage where some malicious code could plunge them into a factory reset nightmare. Borgaonkar's talk, Dirty use of USSD Codes in Cellular Network, showed how the Unstructured Supplementary Service Data (USSD) protocol, which is commonly used, can be exploited by attackers.

The attack can rely on people following links that suggest a trip to a website where you might see a "sexy co-ed" or equivalent. But as we have seen time and time before, people will fall for this type of thing. QR codes can also send people to attack webpages, according to Borgaonkar, as can NFC tags. Basically, anything that can open a URL can be used. He said that attackers can kill a SIM card and wipe the handset in just three minutes, adding that although victims can see what is happening they will be powerless to stop it.

Samsung devices running Touchwiz appear to be affected. We have asked Samsung to comment. In the meantime, and unless you want to be targeted by gits, you might consider turning off automatic page loading in your NFC and QR code reading apps.